MEDIUM 6.1
PYSEC-2024-194
상세
A clickjacking vulnerability exists in zenml-io/zenml versions up to and including 0.55.5 due to the application's failure to set appropriate X-Frame-Options or Content-Security-Policy HTTP headers. This vulnerability allows an attacker to embed the application UI within an iframe on a malicious page, potentially leading to unauthorized actions by tricking users into interacting with the interface under the attacker's control. The issue was addressed in version 0.56.3.
이 버전이 영향받나요?
사용 중인 패키지 버전을 입력하면 즉시 평가합니다.
영향 패키지
PyPI / zenml
최초 영향 버전:
0 수정 버전: f863fde1269bc355951f8cfc826c0244d88ad5e9 수정
pip install --upgrade 'zenml>=f863fde1269bc355951f8cfc826c0244d88ad5e9' 참고
- https://huntr.com/bounties/22d26f5a-c0ae-4344-aa7d-08ff5ada3963 [EVIDENCE]
- https://github.com/zenml-io/zenml/commit/f863fde1269bc355951f8cfc826c0244d88ad5e9 [FIX]
- https://huntr.com/bounties/22d26f5a-c0ae-4344-aa7d-08ff5ada3963 [FIX]
- https://huntr.com/bounties/22d26f5a-c0ae-4344-aa7d-08ff5ada3963 [REPORT]
- https://huntr.com/bounties/22d26f5a-c0ae-4344-aa7d-08ff5ada3963 [WEB]
- https://github.com/advisories/GHSA-mq73-g4qr-fgcq [ADVISORY]